How to build operational resilience


Earlier this year, UK financial authorities published their final policy statements for operational resiliency. Though the process started in 2018, events such as the pandemic and escalating cyberattacks greatly influenced these policies. Even though organisations and financial systems have been able to get through such rough patches, it was not because they are supremely resilient. Instead, a lot of extra pain and expense went into reaching the other side of the tunnel.

If we are honest, we haven’t even reached the light yet. Cyberattacks are becoming worse and more impactful, now sending ripples through supply chains. Companies are still nursing their bruises and consolidating their actions as the dust settles around the pandemic. And don’t let the jumps in growth numbers fool you: substantial amounts of capital is being poured into markets to create stability, masking problems such as lower consumer spending and rising inflation.

“You know the saying – if the going gets tough, the tough gets going,” says Sean Pyott, Managing Director of risk and resilience technology provider, thryve (Pty) Ltd. “But nobody is born tough. You become tough and then work on that to remain tough. There has been some passive acknowledgement that companies are not quite as resilient as they might think – the 2008 financial crisis comes to mind. But the past two years have delivered successive blows to companies, which frankly held on by the skin of their teeth. And we were lucky. The pandemic was actually a slow-starting crisis, not something that arrived overnight. Forward-thinking companies are asking if they should become tougher.”

Operational resiliency arrives

These factors make 2021 and successive years the time for business continuity and operational resiliency, the equivalent of organisational toughness. Moreso, recent events make it more likely that companies will see the business value in adopting principles of resiliency, including:

  • Mapping business processes and services
  • Setting tolerance thresholds
  • Establishing resiliency as a board and exco responsibility
  • Testing real-life scenarios

Operational resilience is also on the cards because of technology adoption. The rapid digitisation of companies enables them to accomplish much more with less and establish deeper and more dynamic levels of visibility.

“Businesses today are keen to use technology to their advantage,” says Riaan Bekker, thryve’s Force Solutions Manager. “They experience the advantages in terms of sales journeys and remote working. Those are the low-hanging fruit – the real measure of using technology successfully should be in the back-office, around process mapping, risk management and visibility inside and outside the business. Conversations around operational resiliency put those topics on the table and they are more attractive as investments.”

How to build operational resilience

Modern integrated risk management (IRM) systems align well with operational resiliency, and establish operational resilience frameworks and strategies. An IRM platform such as Riskonnect draws information from internal and external sources to paint a clear picture of a company’s risks and opportunities, including ad-hoc and granular reporting. Businesses use IRM to map clear lines of responsibilities, and discover and test scenarios that could impact operations.

IRM systems additionally identify critical services, resources and operational resilience components. They establish impact tolerances for each service to show what the business could withstand if that service were disrupted and track each threshold’s value, duration, tolerance range, status, and date.

Such software runs complex mathematical simulations, such as Monte Carlo analysis, to predict best, worst, and average outcomes for each scenario. The results provide objective data to help you determine the best course of action, based on operational resilience metrics.

“Utilising the right technology can create a culture of continual improvement and situational awareness around competitiveness, business continuity, and risk mitigation,” says Pyott.

Let’s take the pandemic’s lessons to heart, as UK finance is already doing. We can praise companies for rolling with the punches, but we should also be cognizant of the weaknesses that surfaced. Operational resiliency, powered through modern data-integrated software systems, provide the way forward. There has never been a better time financially, practically and culturally to adopt operational resilience.